HomeHOWTO GuidesNetworking HOWTOs

How to use the remote shell (rsh)

Note: In many environments, ssh has taken over from the Berkeley r* commands (rsh, rlogin, rcp and rexec). This is because the r* commands pass all data, including passwords, across the network unencrypted and so can easily be snooped.

In a controlled environment, where security risks are not a problem, the rsh, rlogin, rcp and rexec commands are useful as they have much lower overheads than ssh and are easily available. This section gives a brief description of how to set up the server so that rsh can be used. This is especially useful in scripts which run code on the target and capture the results on the host.

  1. First ensure that xinetd is set up to start the rsh daemon on the target. The configuration file for this is /etc/xinetd.d/rsh. For details of the format of this file, see the xinetd.conf(5) man page. In particular:

    • make sure that rshd is enabled, by checking that the disable attribute is set to no,

    • pass additional options to rshd using the server_args attribute. These rshd options are:

      -L to log successful accesses to syslogd,

      -h to allow root logins.

      The configuration file could look like: 

      service shell {
                disable        = no
                socket_type    = stream 
                wait           = no 
                user           = root
                log_on_success += USERID
                log_on_failure += USERID
                server         = /usr/sbin/in.rshd 
                server_args    = -h
              }

  2. Two files are used to control access to the r* commands:

    • /etc/hosts.equiv is used for all users except root,

    • $HOME/.rhosts (in the target user's home directory) is checked after /etc/hosts.equiv if that lookup failed.

      Each file consists of a list of host and user names which should be allowed access.

    • The first column is the name of machines from which logins are allowed.

    • The second column is the name of the user who will be running rsh. If this is blank the username on the target is used.

      Each of the two fields can be set to + to indicate a wildcard.

      For example, to allow the user fred on the machine saturn to log in as root on the target, add the line: 

      saturn fred

      to /root/.rhosts.

  3. Finally, restart inetd: 

    4. target# kill -HUP `cat /var/run/inetd.pid`

    and try it out: 

    host% rsh -l root target uname -a